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(57) Abstract 

A system, described in reference to the figure, for providing secure transmission of an encrypted file over a computer network (16) 
having a central file server (12) operatively connected through a communication line with a remotely located client server (14). A data 
encryption and input unit (18) operatively connected to the central file server (12) and capable of receiving and encrypting a plurality of 
files. The central file server (12) uploads selected pre-encrypted files from the encryption and input unit (18). The remote server includes 
a protocol handler (22) which utilizes an existing protocol to spoof the central file server (12) to transmit selected files in an encrypted 
form to the remote server (14). The protocol functions then to algorithmically decrypt the files by generically modifying the incoming data 
associated with the file and a content handler (28) connected (26) to the protocol handler (22) then forwards (30) the modified data to a 
pre-loaded software program for opening and presentation. 
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SYSTEM AND METHOD FOR TRANSMISSION OF ENCRYPTED 

L FILESEROM-A-CENTR ALSERVER .COMPUTER 

TO A REMOTE COMPUTER 

Field of the Invention 

The present invention relates generally to data encryption systems and 

techniques and, more particularly, to a system for providing secure 

transmission of encrypted files from a central server computer to a remote 
0 computer and method for practicing the same and which utilizes existing 

protocols, servers and clients. 

Description p f j\ K pri vr AH 

The use of Internet technologies for delivering various types of data 
content has increased dramatically in the past few years. Public networks have 

5 made the electronic transfer of data between organizations relatively simple. 
However, with the simplicity comes great security risks. Numerous solutions 
have been proposed for securing data during its transmission over a network, 
such as various encryption schemes, and the result of which is the existence of 
a burgeoning amount of Internet commerce. Additionally, much of this data 

0 delivery has spawned the creation of customized client/server combinations or 
content-handling programs to view data files and it has been found that the 
continual creation of software to provide access to new types of data, and in 
particular encrypted data, becomes very inefficient. 

According to existing systems, data is uploaded to a central file server 

5 in unencrypted form and prior to subsequent encryption and transmission over 
a network to a remote server. Typically, a protocol handier at the remote client 
location or server requests a file over the network from the central server. The 
file is requested from the server and the server responds with the file and a 
MIME type. 
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Upon receiving the encrypled file, the protocol handler forwards the 
data within the file t o a co ntent handler unit. T he content handler typimlly 
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employs one or more decryption programs for algoritiunically decrypting tlie 
specific types of transferred file, such as tire graphic, text and audio 
components for subsequent display by another program. The content handler 
_may,further-be built-into the-network browser or function as~a staWalbnelTint: 
A number of different MIME types are defined to execute the appropriate 
content handler. 

The drawbacks of such conventional encryption systems include that the 
file must be recognized as encrypted and forwarded on to an encryption 
program. After decryption, the file must again be recognized to launch the 
proper viewing software. This type of identification is very inconsistent and 
often encryption programs do not maintain information about the type of data 
being encrypted. The user is typically then left with the burden of determining 
what type of data is actually encrypted and/or Uiis then involves having to 
ulilize a special server and a special piece of client software for decrypting a 
file. 

A further drawback includes having to integrate data from several 
sources or different types of data onto one screen. As an example, if a World 
Wide Web browser needs to display a encrypted graphic, some text, and a 
video clip, current technology would not enable this to occur. The only 
solution would then be to define specific MIME types for the encrypled version 
or each media type and write decrypting content handlers for each type. This 
results in a doubling of the number of content handlers required and attendant 
amount of exlra code that needs lo be developed to facilitate such functionality. 
A further evident shortcoming of the existing system is ihe danger of 
maintaining files in unencrypted form on the central file server and prior to 
subsequent encryption and transmission, such danger arising in the form of data 
iheft from employees, contractors and other persons having access to the central 
30 server. 
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Summary of the Present Invention 

-i-Iie-present-invention-provides-a -syslem-for— providing— secure 



■ - -J - |/i wriUMIg, 

transmission of an encrypiecl file over a computer network anil which is a 
marked improvement over the above-described prior art. According to the 
5 present invention, a data encryption and input unit is operatively connected to 
tiie-centra|-file server for inputting alidWryptirig the fife pnorlo Them bein~g 
stored in the central server. This is accomplished utilizing any conventional 
encrypting algorithm and enabling the central server to call up selected files. 
A protocol handler is operatively connected to a remotely located client 
1 0 or server and functions to request the encrypted file or files to be transmitted 
from the central server. The protocol handler specifically sends its request 
utilizing an existing network protocol and in effect "spoofs" the central server 
into sending data to the client which is in effect stored in the central server as 
if it was not encrypted and with die same type labeling as an unencrypted file. 
15 The effect of "spoofing" die central server causes the protocol handler to 
genet ically modify the incoming data (the equivalent of decryption) and thus 
providing a key decryption function which is otherwise reserved to Uie prior art 
systems. The protocol handler further is capable of modifying the data in this 
instance in such a way that it provides previously existing content types to the 
20 content-handling algorithm of the client. 

Using this system, any type of data can be encrypted and displayed if 
the original type of data can be displayed. All existing content handlers will 
function normally because U,ey are dealing with unencrypted data when they 
are called. The result is U ia t the protocol handler essentially substitutes for the 
functions of the content handler previously provided by the content handler in 
decrypting the files and provides for an attendant reduction in necessary 
software code and more efficient opening and viewing of the decrypted files. 
This is so because the need for specialized servers and content-handlers is 
eliminated through the protocol spoofing function. 
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Brief Description of the Drawings 

Reference wil l"tio w be inad^to ili^til^ii^d^rawijigs, when reaiTin 
combination with the following -pecificalion, wherein like reference nuincrnl.s 
refer to like parts throughout the several views, and in which: 

Fig. 1 is a schematic view of the system for providing secure 
transmission of an encrypted file over a computer network according to the 
present invention. 

Pe tailed Description of the Preferred Embodiment 

Referring now to Fig. 1, a system for providing secure storage and 
transmission of an encrypted file over a computer network is illustrated at 10 
according to the present invention. A central file server 12 according to known 
construction is operably connected tlirough a communication line to a remotely 
located client or server 14. The remote client 14 can qualify as any PC 
computer or the like. A network connection, illustrated schematically at 16, 
is known in the art and is capable of operably connecting the central file server 
12 with a plurality of individually located and remote client's or servers. 

A data encryption and input unit 18 is operably connected to the central 
file server 12 and is capable of receiving and encrypting a plurality of files 
prior to uploading to the central server 12. As was previously discussed, it is 
advantageous to encrypt files prior to uploading to the central server in order 
to prevent unauthorized access or tampering by internal personnel at the central 
location. 

The procedure for calling up and transmitting encrypted files from the 
central server as diagrammatically illustrated in Fig. 1 includes the step of the 
central server 12 first communicating along a line 20 across a network and to 
selected remote server 14. As is known in the art, a central server 12 could 
typically connect to large pluralities of remote client servers, however only a 
single server is illustrated for convenience sake. 

The data is encrypted and stored on the central file server 12 in a 
format consistent as if it was not encrypted and with the same type labeling as 
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an unencrypted file, particularly such as in a hyper text transmission protocol 
" "(http)-or:a-f]le trajisfer protocol-(ftp)- Fonning an inlegral part oMhe-client, 
or forming a separated and connected part, is a protocol handler 22 which 
functions to request, through the network 16, a selected file or files from the 
central server 12. This is accomplished by the protocol handler 22 making a 
request for information using a locally defined network protoco^d sending 
the request along a communication line defined at 24 extending from the 
protocol handler 22, through the network 16 and to the central file server 12. 
The request thus invokes a new protocol-handler and in effect "spoofs 0 the 
central server 12 into sending the encrypted data, labeled in unencrypted form, 
to the client. 

The protocol handler 22, once it receives the encrypted data through the 
remote server 14 and via line 20, algorithmically decrypts the data genericaliy 
modifying the data in such a way that it provides previously existing content. 
The trigger used to open encrypted files is the relabeling of an existing protocol 
handler. As an example, a HTTP protocol could be relabeled as MDRP and 
would still connect to the server using standard HTTP protocol. Likewise, a 
FTP protocol may be employed. However, when the data is received, the type 
of encryption, if any, would be determined by the client's protocol handler. 

A single protocol handler decrypts all possible data types and then sends 
the unencrypted files, via a line 26, to a content handler 28 operably connected 
thereto which determines the type of data utilizing one or more MIME types 
and Uien forwards the data, via a further line 30, to another software program 
and viewer 32 for opening the file. By utilizing protocol spoofing the one 
protocol handler eliminates the need for many separate content handlers and 
MIME types. 

Manifestations of the above-described system include the design of 
prototype health information systems which model a method to provide access 
to medical records over the Internet. Also, the technique of protocol spoofing 
could also be used for data conversion or any other types of systems which 
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involve the. application of a standard algorithm. For example, a compression 
„ aigoritlmuhat.sayes.space^^^ 
protocol handler. The data would be stored in a compressed fashion possibly 
using an uploading spoofing protocol handler. The data could then be retrieved 
using the same protocol handler with the complementary decompression 
algorithm:" - — 

A method of providing for secure transmission of an encrypted file 
utilizing the system according to the present invention is also disclosed and 
includes the steps of loading the selected file or files into a data encryption and 
input unit which is operalively connected to the central file server and 
encrypting the file according to any conventionally known procedure. 
Additional steps include the protocol handler requesting transmission of the file 
over the network utilizing an existing protocol and decrypting the file through 
generically modifying the incoming data and transferring the decrypted file lo 
a content handler for subsequent presentation by a software viewer. 

Having described my invention, additional preferred; embodiments will 
become apparent to those skilled in the art to which it pertains without 
deviating from the scope of the appended claims. 
1 claim: 
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Claims 

1 ~ 1~— Asystem for-providing-secure -transmission-of.an^encrypte d file ov er 

2 a computer network, said system comprising: 

3 a central file server; 

4 said central file server operably connecting through a communication 

5 line with a remotely located server; 7 ~ — - - - 

6 a data encryption and input unit operably connected to said central file 

7 server and capable of receiving and encrypting a plurality of files; 

8 said central file server uploading selected pre-encry pled files from said 

9 encryption and input unit; 

10 said remote server further including a protocol handler operably 

1 1 connected thereto, said protocol handler requesting at least one of said plurality 

12 of encrypted files using a standardized protocol to be transmitted from said 

13 central file server; 

14 said protocol handler decrypting said at least one file by generically 

15 modifying incoming data associated with said file; and 

16 a content handler operably connected to said protocol handler and 

17 receiving said decrypted file, said content handler forwarding said modified 

18 data to a pre-loaded software program for subsequent display. 

1 2. The system as described in claim 1; further comprising said data 

2 being stored in said central file server utilizing an identical type labeling as a 

3 corresponding unencrypted file. 

1 3. The system as described in claim 1, further comprising said content 

2 handler determining the type of data sent by said protocol handler utilizing one 

3 or more MIME types. 

1 4. The system as described in claim 1, further comprising said protocol 

2 handler being capable of decrypting all data types. 
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5. The system as described in claim 4, said standardized protoco l 



2 further comprising an HTTP protocol . 

1 6. The system as described in claim 4, said standardized protocol 
_2 further-comprising a FTP^protocoh 

• 7 . The system as described in claim 1 , further comprising said protocol 

2 handler algorithmically decrypting said at least one file through the use of one 

3 or more keys. 

1 8. A method for providing secure transmission of an encrypted file over 

2 a computer network, comprising the steps of: 

3 loading a selected file h;lo a data encryption and input unit which is 

4 operatively connected to a central file server; 

5 encrypting said selected file within said encryption and input unit and 

6 uploading said file into said central file server; 

requesting said encrypted file for transmission over the network from 

8 a protocol handler operatively communicating with said remote server and 

9 utilizing an existing protocol to obtain said encrypted files; 
decrypting said file through said protocol handler utilizing a private key 

and by generically modifying the incoming data associated with said file; and 
transferring said decrypted file to a content handler operative))- 
connected to die protocol handler for forwarding to a software viewer for 
14 opening and presentation. 
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